Re-enrolling a Computer Using Automated Device Enrollment

Jamf Now Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Typically, devices are enrolled with Jamf Now via Automated Device Enrollment during Setup Assistant. If a computer was not enrolled during setup, you can retroactively update the enrollment by following this workflow.

Benefits of Automated Device Enrollment include:

  • Access to macOS updates via Jamf Now

  • Non-removable management profiles

Requirements
To enroll a computer with Automated Device Enrollment, ensure the computer:

  • Has macOS 10.13 or later

  • Has Find My disabled or is signed out of iCloud
  • Is logged in to the local account you plan to manage, and that the account has administrative privileges.
    Note:

    You can downgrade the account to standard after enrollment if desired. For more information, see Change Users & Groups settings on Mac from the Apple Support website.

  • Is enrolled in Apple Business Manager or Apple School Manager

    To check if a computer is enrolled in either program, navigate to Auto-Enrollment > View Devices. If Jamf Now recognizes the device as enrolled in Apple Business Manager or Apple School Manager, serial numbers for the device will be displayed.

    Note:

    The View Devices option only displays after the Auto-Enrollment pane has been configured in Jamf Now.

  • If a Mac already has a Jamf Now MDM profile installed, verify that the computer's device dashboard in Jamf Now displays a status of Enrolled, Auto-Enrolled, or Unenrolled. Details may be out of date.

  1. Open the Terminal app for the required computer and do the following:
    1. Enter the command:
      sudo profiles renew -type enrollment
    2. Press Return.
  2. Type the password for the local account and press Return.
  3. For macOS 14 or later, do the following:
    1. Click Enroll on the Remote management screen.
    2. Enter the password for the local account and click Enroll.

      A status of Enrollment Complete displays on the Remote Management screen.

    3. Click Quit.
  4. For macOS 13 or earlier, do the following:
    1. Click Details on the Device Enrollment notification banner that appears in the upper right-hand corner of your screen.
      Note:

      If the banner does not immediately appear, click on the date in the upper right-hand corner of your Mac. This should display recent notifications, including the Device Enrollment banner.

    2. Follow the prompts to install the necessary profiles.

When the enrollment process is complete, the Jamf enrollment profile will not be removable due to the device being enrolled via Automated Device Enrollment. Enable Find My or sign in to iCloud on the computer after enrollment to share its Activation Lock bypass code with Jamf Now.

Note:

If Find My was enabled prior to enrollment, disable Find My on the device, and then re-enable Find My. The Activation Lock Bypass Code in Jamf Now will be updated in the device record the next time the device syncs with Jamf Now.

Jamf enrollment profile on Mac.

Important:

If you enabled FileVault prior to enrollment and you want to store FileVault keys in Jamf Now, you must escrow a new FileVault recovery key. For more information, see Generating a New FileVault Key for Escrowing with Jamf Now.